AirDroid updated to patch MITM exposure

Following news last week of a vulnerability in the Android app AirDroid, the company announced on Friday it completed the staged rollout of AirDroid (Mobile 4.0.0.3; Mac/Win 3.3.5.3 ).

In an emailed message sent to SC Media, the company said the new version of the app improved its encryption mechanism. It is now available to all users on Google Play Store.

The flaw was reported last week by Simone Margaritelli, a security researcher at Zimperium zLabs, who explained that owing to its using insecure communication channels, the app was vulnerable to man-in-the-middle attacks, data exposure and loss of control to remote attackers

In the emailed statement, Betty Chen, chief marketing officer, AirDroid, Sand Studio, said the issue is fixed in the update. "Along with other security improvements, we have upgraded the communication channels to https and improved the encryption method. Because of AirDroid's cross-platform nature, it took us some time to design a customized solution and level up our security in all aspects."

A restructuring coding system was introduced into AirDroid4.0 and AirDroid 4.0.0.1 late in November to make certain the compatibility worked smoothly across platforms, she told SC. "After a careful assessment, we started to roll out this update partially earlier this month across clients to make sure a smooth communication is performed well. Now we can finally release this update fully to fix the issue raised as well as make sure our users are better protected."

The company will continue to enhance its app, she added. "After all, it is always AirDroid's first priority to look ahead to the rigorousness of cybersecurity, further refine AirDroid's functionality for our users and delight their multi-screen lives."